
How Long Are Your Passwords?

Gnosticplayers, a hacker well-known for stealing and selling data, recently claimed to have breached the mobile game maker Zynga and accessed 218 million user records.

In September 2019, Zynga announced that a cybersecurity incident had occurred that may have compromised the account login information for some players of Draw Something and Words with Friends. The organization did not share any details or the number of users affected. Zynga said it had taken measures to protect the breached accounts.

The Hacker News reported that Gnosticplayers claimed to have stolen data from all Android and iOS players who signed up for Words with Friends before September 2. The stolen data included names, email addresses, login IDs, hashed passwords, password reset tokens (if ever requested), phone numbers (if provided), Facebook IDs (if connected), and Zynga account IDs. Gnosticplayers provided samples of the stolen data to The Hacker News.

Gnosticplayers posted 93 million stolen records for sale on the dark web in February 2019; 26 million records in March 2019; and 139 million records in May 2019. Doug Olenick, "The word is out: Zynga was breached," scmagazine.com (Sep. 30, 2019).

Commentary

Password safety is one of your most important tools for keeping your personal and business accounts protected. With hackers stealing passwords for online accounts constantly, it is important that you follow password best practices.

The average user is expected to have 200 online accounts by 2020. The sheer number of passwords to create and remember may tempt you to reuse passwords for some or all of your accounts. However, doing so is a critical mistake.

Unique passwords are an absolute must to protect you from credential stuffing attacks. If a hacker accesses just one of your passwords from an organization and sells it online, the buyer can now access any of your accounts that use the same password. Even if you do not share your credit card on that particular account, if you use the same password on an account with your personal data, you put it in jeopardy.

Long passwords are essential to protect your account from a brute force attack. Hackers use technology that can process millions of password attempts per second to guess your password. The longer and more random your password, the less likely a hacking tool can guess it. Passwords should be a minimum of 16 characters long.

However, the recommendation to create an overly complex password has changed in recent years, because computers are capable of guessing random character combinations, while humans struggle to remember them. Yet computers still struggle with long passwords, no matter the complexity. As a result, length is key.

Your long passwords do not have to be a mix of letters, numbers, and special characters. Your password can be a passphrase of all letters, as long as it is sufficiently lengthy and also random. Using a password generator can help you string together random words. Using a common phrase or words that make sense together makes your password much easier to guess. 
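The length-versus-complexity point above can be checked numerically. The following Python sketch is an added example, not part of the original article: it compares the search space of a short complex password with a long all-letter one and builds a random passphrase with the operating system's secure random source. The word list is a constructed sample, and the guess rate and function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed 16-word sample so the block runs offline. A real generator needs
# a list of thousands of words; 16 words give only 4 bits per word.
SAMPLE_WORDS = ["anchor", "bramble", "candle", "dagger", "ember", "falcon",
                "glacier", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nickel", "orchard", "pebble"]
MIN_LENGTH = 16            # minimum length the article recommends
GUESSES_PER_SECOND = 1e6   # assumption: low end of "millions per second"


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy when each of `picks` symbols is drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def words_needed(list_size: int, target_bits: float) -> int:
    """Random words required from a list of `list_size` to reach `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Years to try every candidate in a 2**bits search space at `rate`/s."""
    return 2 ** bits / rate / (365 * 24 * 3600)


def generate_passphrase(words, count: int, sep: str = "-") -> str:
    """Pick `count` words with the OS CSPRNG; reject results under MIN_LENGTH."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    phrase = sep.join(secrets.choice(words) for _ in range(count))
    if len(phrase) < MIN_LENGTH:
        raise ValueError("passphrase too short; use more words")
    return phrase


if __name__ == "__main__":
    short_complex = entropy_bits(94, 8)    # 8 chars from 94 printable ASCII
    long_letters = entropy_bits(26, 16)    # 16 random lowercase letters
    for label, bits in (("8-char complex", short_complex),
                        ("16-char letters", long_letters)):
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
    n = words_needed(len(SAMPLE_WORDS), long_letters)
    print(f"{n} sample-list words match that:", generate_passphrase(SAMPLE_WORDS, n))
```

The entropy figures hold only when every character or word is chosen at random; a common phrase of the same length has far less.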

Of course, unique, strong passwords won't keep you safe if you give them to cybercriminals. Never share a password in response to an email request. Install software to protect against malware and keep your operating system updated.

In addition, never store your passwords in a text file. Such files are easy for hackers to steal and would give them access to all of your accounts. Either write passwords down on paper that you store in a locked safe, or use a password manager or otherwise encrypt your digital passwords.


©2010-2020 The McCalmon Group, Inc., all rights reserved. Designated trademarks and brands are the property of their respective owners. Use of this web site constitutes acceptance of The McCalmon Group's User Agreement and Privacy Policy.
